package com.sec.android.app.sbrowser.certificate;

import android.util.Log;
import com.sec.sbrowser.spl.sdl.SdlLog;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public class PKCS11KeyStore {
    private KeyStore mKeyStore;
    private Object mOpenSSLEngine;
    private Class<?> mOpenSSLEngineClass = null;
    private Method mOpenSSLEngineMethodGetPrivateKeyById = null;

    private List<String> getClientAliasesInternal() {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = this.mKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (SBrowserClientCertificateManager.isAvailableAlias(nextElement)) {
                    arrayList.add(nextElement);
                }
            }
            if (arrayList.size() > 0) {
                return arrayList;
            }
        } catch (KeyStoreException e) {
            Log.e("PKCS11KeyStore", "getClientAliasesInternal() failed");
        }
        return null;
    }

    private boolean initializeOpenSSLEngine() {
        try {
            this.mOpenSSLEngineClass = Class.forName("com.android.org.conscrypt.OpenSSLEngine");
            try {
                Method method = this.mOpenSSLEngineClass.getMethod("getInstance", String.class);
                this.mOpenSSLEngineMethodGetPrivateKeyById = this.mOpenSSLEngineClass.getMethod("getPrivateKeyById", String.class);
                try {
                    this.mOpenSSLEngine = method.invoke(null, "secpkcs11");
                } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
                    Log.e("PKCS11KeyStore", "initializeOpenSSLEngine() can't get OpenSSLEngine. : " + e.getMessage());
                }
                if (this.mOpenSSLEngine != null) {
                    return true;
                }
                this.mOpenSSLEngineClass = null;
                this.mOpenSSLEngineMethodGetPrivateKeyById = null;
                Log.e("PKCS11KeyStore", "failed to find secpkcs11");
                return false;
            } catch (NoSuchMethodException e2) {
                this.mOpenSSLEngineClass = null;
                Log.e("PKCS11KeyStore", "initializeOpenSSLEngine() can't find methods");
                return false;
            }
        } catch (ClassNotFoundException e3) {
            Log.e("PKCS11KeyStore", "initializeOpenSSLEngine() can't find OpenSSLEngine class");
            return false;
        }
    }

    public X509Certificate[] getCertificateChain(String str) {
        KeyStore.Entry entry;
        try {
            entry = this.mKeyStore.getEntry(str, null);
        } catch (GeneralSecurityException e) {
            Log.e("PKCS11KeyStore", "getCertificateChain() failed. e:" + e.toString());
        }
        if (entry == null) {
            Log.e("PKCS11KeyStore", "getCertificateChain() getEntry() failed");
            return null;
        }
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            SdlLog.secV("PKCS11KeyStore", "getCertificateChain() PrivateKeyEntry - alias:" + str);
            return (X509Certificate[]) ((KeyStore.PrivateKeyEntry) entry).getCertificateChain();
        }
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            SdlLog.secV("PKCS11KeyStore", "getCertificateChain() TrustedCertificateEntry - alias:" + str);
            return new X509Certificate[]{(X509Certificate) ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate()};
        }
        Log.e("PKCS11KeyStore", "getCertificateChain() not a PrivateKeyEntry instance");
        SdlLog.secE("PKCS11KeyStore", "alias:" + str + " class:" + entry.getClass().getName());
        return null;
    }

    public String getClientAlias() {
        String str;
        String str2;
        boolean[] keyUsage;
        List<String> clientAliasesInternal = getClientAliasesInternal();
        if (clientAliasesInternal == null) {
            Log.e("PKCS11KeyStore", "getClientAlias() can't get aliases list");
            return null;
        }
        try {
            Iterator<String> it = clientAliasesInternal.iterator();
            String str3 = null;
            while (true) {
                try {
                    if (!it.hasNext()) {
                        str2 = null;
                        break;
                    }
                    str2 = it.next();
                    X509Certificate x509Certificate = (X509Certificate) this.mKeyStore.getCertificate(str2);
                    if (x509Certificate != null && (keyUsage = x509Certificate.getKeyUsage()) != null && keyUsage[0]) {
                        List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
                        if (extendedKeyUsage != null && extendedKeyUsage.contains("1.3.6.1.5.5.7.3.2")) {
                            break;
                        }
                    } else {
                        str2 = str3;
                    }
                    str3 = str2;
                } catch (KeyStoreException e) {
                    e = e;
                    str = str3;
                    Log.e("PKCS11KeyStore", "getClientAlias() failed : " + e.getMessage());
                    return str;
                } catch (CertificateException e2) {
                    e = e2;
                    str = str3;
                    Log.e("PKCS11KeyStore", "getClientAlias() failed : " + e.getMessage());
                    return str;
                }
            }
            return str2 != null ? !str2.isEmpty() ? str2 : str3 : str3;
        } catch (KeyStoreException e3) {
            e = e3;
            str = null;
        } catch (CertificateException e4) {
            e = e4;
            str = null;
        }
    }

    public PrivateKey getPrivateKey(String str) {
        SdlLog.secV("PKCS11KeyStore", "getPrivateKey() alias:" + str);
        try {
            return (PrivateKey) this.mOpenSSLEngineMethodGetPrivateKeyById.invoke(this.mOpenSSLEngine, str);
        } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
            Log.e("PKCS11KeyStore", "getPrivateKey() failed :" + e.getMessage());
            return null;
        }
    }

    public synchronized boolean initialize() {
        boolean z;
        try {
        } catch (IOException | IllegalArgumentException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            Log.e("PKCS11KeyStore", "initialize() failed:" + e.getMessage());
            z = false;
        }
        if (this.mKeyStore != null) {
            z = true;
        } else {
            this.mKeyStore = KeyStore.getInstance("PKCS11", "SECPkcs11");
            this.mKeyStore.load(null, null);
            z = initializeOpenSSLEngine();
            if (!z) {
                this.mKeyStore = null;
                Log.e("PKCS11KeyStore", "initialize() failed");
            }
        }
        return z;
    }
}
